WEKO3
アイテム
Early DoS/DDoS Detection Method using Short-term Statistics
http://hdl.handle.net/2298/16391
http://hdl.handle.net/2298/16391fb9ef471-ceb3-4eac-b526-79b8ee15cad6
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IEEE_CISIS2010.pdf (1.4 MB)
|
|
| Item type | 会議発表論文 / Conference Paper(1) | |||||
|---|---|---|---|---|---|---|
| 公開日 | 2010-10-15 | |||||
| タイトル | ||||||
| タイトル | Early DoS/DDoS Detection Method using Short-term Statistics | |||||
| 言語 | ||||||
| 言語 | eng | |||||
| 資源タイプ | ||||||
| 資源タイプ | conference paper | |||||
| 著者 |
Oshima, Shunsuke
× Oshima, Shunsuke× Nakashima, Takuo× Sueyoshi, Toshinori |
|||||
| 別言語の著者 |
小島, 俊輔
× 小島, 俊輔× 中嶋, 卓雄× 末吉, 敏則 |
|||||
| 内容記述 | ||||||
| 内容記述 | Early detection methods are required to prevent the DoS / DDoS attacks. The detection methods using the entropy have been classified into the long-term entropy based on the observation of more than 10,000 packets and the short-term entropy that of less than 10,000 packets. The long-term entropy have less fluctuation leading to easy detection of anomaly accesses using the threshold, while having the defects in detection at the early attacking stage and of difficulty to trace the short term attacks. In this paper, we propose and evaluate the DoS/DDoS detection method based on the short-term entropy focusing on the early detection. Firstly, the pre-experiment extracted the effective window width; 50 for DDoS and 500 for slow DoS attacks. Secondly, we showed that classifying the type of attacks can be made possible using the distribution of the average and standard deviation of the entropy. In addition, we generated the pseudo attacking packets under a normal condition to calculate the entropy and carry out a test of significance. When the number of attacking packets is equal to the number of arriving packets, the high detection results with False-negative = 5% was extracted, and the effectiveness of the proposed method was shown. | |||||
| 書誌情報 |
CISIS 2010 - The 4th International Conference on Complex, Intelligent and Software Intensive Systems 巻 2010, p. 168-173, 発行日 2010-02-15 |
|||||
| DOI | ||||||
| 関連タイプ | isIdenticalTo | |||||
| 関連識別子 | 10.1109/CISIS.2010.53 | |||||
| 権利 | ||||||
| 権利情報 | (c) 2010 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works. | |||||
| フォーマット | ||||||
| 内容記述タイプ | Other | |||||
| 内容記述 | application/pdf | |||||
| 形態 | ||||||
| 1364846 bytes | ||||||
| 著者版フラグ | ||||||
| 出版タイプ | VoR | |||||
| 日本十進分類法 | ||||||
| 主題Scheme | NDC | |||||
| 主題 | 548 | |||||
| 出版者 | ||||||
| 出版者 | Institute of Electrical and Electronics Engineers | |||||
| 資源タイプ | ||||||
| 内容記述タイプ | Other | |||||
| 内容記述 | 論文(Article) | |||||
| 資源タイプ・ローカル | ||||||
| 会議発表論文 | ||||||
| 資源タイプ・NII | ||||||
| Conference Paper | ||||||
| 資源タイプ・DCMI | ||||||
| text | ||||||
| 資源タイプ・ローカル表示コード | ||||||
| 01 | ||||||
| URL | ||||||
| 内容記述タイプ | Other | |||||
| 内容記述 | http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5447418&abstractAccess=no&userType=inst | |||||
| コメント | ||||||
| Complex, Intelligent and Software Intensive Systems (CISIS), 2010 International Conference on, 15-18 Feb. 2010 | ||||||
